
United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
Address: COMMISSIONER FOR PATENTS
P.O. Box 1450
Alexandria, Virginia 22313-1450
www.uspto.gov



APPLICATION NO.: 09/740,801
FILING DATE: 12/21/2000
FIRST NAMED INVENTOR: Valerie Favier
ATTORNEY DOCKET NO.: T3264-906761
CONFIRMATION NO.: 6156

7590 04/08/2004

Miles & Stockbridge P.C.
Suite 500
1751 Pinnacle Drive
McLean, VA 22102-3833

EXAMINER: YUSSUF, SAJID
ART UNIT: 2141
PAPER NUMBER:

DATE MAILED: 04/08/2004 



Please find below and/or attached an Office communication concerning this application or proceeding. 



PTO-90C (Rev. 10/03) 



Office Action Summary

Application No.: 09/740,801
Examiner: Sajid A Yussuf
Applicant(s): FAVIER ET AL
Art Unit: 2141



The MAILING DATE of this communication appears on the cover sheet with the correspondence address 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication.

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any
earned patent term adjustment. See 37 CFR 1.704(b).

Status 

1) [X] Responsive to communication(s) filed on 12/31/2000-6/12/204 .
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 11-26 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 11-26 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [X] The specification is objected to by the Examiner.

10) [X] The drawing(s) filed on 21 December 2000 is/are: a) [ ] accepted or b) [X] objected to by the Examiner.
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [X] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [X] All b) [ ] Some * c) [ ] None of:

1. Certified copies of the priority documents have been received.
2. [ ] Certified copies of the priority documents have been received in Application No.
3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received.

DETAILED ACTION
Priority 

1. Acknowledgment is made of applicant's claim for foreign priority under 35 U.S.C. 119(a)-(d). 
The certified copy has been received. 

Drawings 

2. New corrected drawings are required in this application because terms dictated on the
drawings are in another language; consider translating all necessary terms to English. Applicant is
advised to employ the services of a competent patent draftsperson outside the Office, as the U.S. 
Patent and Trademark Office no longer prepares new drawings. The corrected drawings are required 
in reply to the Office action to avoid abandonment of the application. The requirement for corrected 
drawings will not be held in abeyance. 

Specification 

3. The title of the invention is not descriptive. A new title is required that is clearly indicative 
of the invention to which the claims are directed. 

Claim Rejections - 35 USC §102

4. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in a patent granted on an application for patent by another 
filed in the United States before the invention thereof by the applicant for patent, or on an 
international application by another who has fulfilled the requirements of paragraphs (1), 
(2), and (4) of section 371(c) of this title before the invention thereof by the applicant for 
patent. 

5. The changes made to 35 U.S.C. 102(e) by the American Inventors Protection Act of 1999 
(AIPA) and the Intellectual Property and High Technology Technical Amendments Act of 2002 do not 
apply when the reference is a U.S. patent resulting directly or indirectly from an international 
application filed before November 29, 2000. Therefore, the prior art date of the reference is
determined under 35 U.S.C. 102(e) prior to the amendment by the AIPA (pre-AIPA 35 U.S.C. 102(e)).

6. Claim(s) 11-26 is/are rejected under 35 U.S.C. 102(e) as being anticipated by Reid et al. (US 
Patent No. 6,182,226 and Reid hereinafter) 

7. As per claim(s) 11, 23 Reid discloses configuring a firewall (1) in a computer system (2), (See
Column 2 Lines 55-60) comprising resources (4), (See Column 3 Lines 26-35) including objects (3)
(i.e., servers & workstations) having an access control policy and an established central
configuration machine (14) (i.e., Firewall SECURE ZONE (34)), (See Column 2 Lines 53-67) for
grouping the objects (3) of the system into internal (5) and external (6) protection domains, a firewall
(1) ensuring the protection of an internal domain (5) relative to an external domain (6), and means
for applying to the firewall in question a rule (i.e., access rules) for controlling access between a
source resource (4) and a destination resource only if said source and destination resources belong
to the same protection domain (5) or (6), (See Column 5 Lines 32-67 & Column 6 Lines 1-19).

8. As per claim(s) 12 Reid teaches the claimed invention as described in claim(s) 11 above and 
furthermore discloses determining the protection domain of the resources (4) by means of firewall 
network interfaces (10) through which communications pass in order to reach said resources, (See 
Column 3 Lines 17-30). 

9. As per claim(s) 13 Reid teaches the claimed invention as described in claim(s) 11-12 above 
and furthermore discloses defining zones, (i.e., DMZ), (See Column 3 Lines 1-15) (8) comprising 
networks or sub-networks, associating the network interfaces (10) of firewalls to which said zones;
wherein provides protected access to server to internal user & external entities are connected with
an internal or external domain, determining the incoming and outgoing network interfaces (10), (See
Column 4 Lines 49-67 & Column 5 Lines 1-15) of current traffic, analyzing whether said network
interfaces are attached to an internal or external domain, and applying the rule for controlling
access only if both network interfaces are attached to the same internal domain (5), and the 
resources belong to the same protection domain, (See Column 3 Lines 19-40). 

10. As per claim(s) 14 Reid teaches the claimed invention as described in claim(s) 11-13 above 
and furthermore discloses composes groups of objects (3) (i.e., regions) for which the access control 
policy is identical (i.e., same regions) and the rule for controlling access is applied between each of 
the resources of a source group and a destination group, (See Column 4 Lines 49-67 & Column 5
Lines 1-15). 

11. As per claim(s) 15 Reid teaches the claimed invention as described in claim(s) 11-14 above 
and furthermore discloses it composes groups of objects (3) (i.e., regions) for which the access 
control policy is identical (i.e., same regions) and the rule for controlling access is applied between 
each of the resources of a source group and a destination group, (See Column 4 Lines 49-67 &
Column 5 Lines 1-15). 

12. As per claim(s) 16 Reid teaches the claimed invention as described in claim(s) 11-15 above 
and furthermore discloses composes groups of objects (3) (i.e., regions) for which the access control 
policy is identical (i.e., same regions) and the rule for controlling access is applied between each of 
the resources of a source group and a destination group, (See Column 4 Lines 49-67 & Column 5
Lines 1-15). 

13. As per claim(s) 17 Reid teaches the claimed invention as described in claim(s) 11-16 above 
and furthermore discloses characterizing the rule for controlling access with a local or global scope; 
wherein a local scope is interpreted as rules that are specific to the network the firewall is connected 
to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts" where only the specific
users are affected to the applied rules; Similarly, global scope rules are rules applied throughout the
network such as "filter nodes" where the rule is applied to www connections where www is the entire
network; it is therefore the examiner's humble request that the applicant read the cited column and
line numbers to its entirety to gain full understanding of the rules defined in the reference, applying
the rule to the resources in question only if said resources belong to the same protection domain (5)
or (6) when the scope of the rule is local, and applying the rule to all of the resources in question
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7
Lines 1-59). 

14. As per claim(s) 18 Reid teaches the claimed invention as described in claim(s) 11-17 above 
and furthermore discloses characterizing the rule for controlling access with a local or global scope; 
wherein a local scope is interpreted as rules that are specific to the network the firewall is connected 
to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts" where only the specific
users are affected to the applied rules; Similarly, global scope rules are applied throughout the
network such as "filter nodes" where the rule is applied to www connections where www is the entire
network; it is therefore the examiner's humble request that the applicant read the cited column and
line numbers to its entirety to gain full understanding of the rules defined in the reference, applying 
the rule to the resources in question only if said resources belong to the same protection domain (5) 
or (6) when the scope of the rule is local, and applying the rule to all of the resources in question 
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 
Lines 1-59). 

15. As per claim(s) 19 Reid teaches the claimed invention as described in claim(s) 11-18 above 
and furthermore discloses characterizing the rule for controlling access with a local or global scope; 
wherein a local scope is interpreted as rules that are specific to the network the firewall is connected 
to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts" where only the specific
users are affected to the applied rules; Similarly, global scope rules are rules applied throughout the
network such as "filter nodes" where the rule is applied to www connections where www is the entire
network; it is therefore the examiner's humble request that the applicant read the cited column and
line numbers to its entirety to gain full understanding of the rules defined in the reference, applying
the rule to the resources in question only if said resources belong to the same protection domain (5)
or (6) when the scope of the rule is local, and applying the rule to all of the resources in question 
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 
Lines 1-59). 

16. As per claim(s) 20 Reid teaches the claimed invention as described in claim(s) 11-19 above 
and furthermore discloses characterizing the rule for controlling access with a local or global scope; 
wherein a local scope is interpreted as rules that are specific to the network the firewall is connected 
to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts" where only the specific
users are affected to the applied rules; Similarly, global scope rules are rules applied throughout the
network such as "filter nodes" where the rule is applied to www connections where www is the entire
network; it is therefore the examiner's humble request that the applicant read the cited column and
line numbers to its entirety to gain full understanding of the rules defined in the reference, applying 
the rule to the resources in question only if said resources belong to the same protection domain (5) 
or (6) when the scope of the rule is local, and applying the rule to all of the resources in question 
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 
Lines 1-59). 

17. As per claim(s) 21 Reid teaches the claimed invention as described in claim(s) 11-20 above 
and furthermore discloses characterizing the rule for controlling access with a local or global scope; 
wherein a local scope is interpreted as rules that are specific to the network the firewall is connected 
to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts" where only the specific
users are affected to the applied rules; Similarly, global scope rules are rules applied throughout the
network such as "filter nodes" where the rule is applied to www connections where www is the entire
network; it is therefore the examiner's humble request that the applicant read the cited column and
line numbers to its entirety to gain full understanding of the rules defined in the reference, applying
the rule to the resources in question only if said resources belong to the same protection domain (5)
or (6) when the scope of the rule is local, and applying the rule to all of the resources in question
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7
Lines 1-59). 

18. As per claim(s) 22 Reid teaches the claimed invention as described in claim(s) 11-21 above 
and furthermore discloses characterizing the rule for controlling access with a local or global scope; 
wherein a local scope is interpreted as rules that are specific to the network the firewall is connected 
to, such as, "allow or deny terminal nodes" or "decision nodes" or "alerts" where only the specific
users are affected to the applied rules; Similarly, global scope rules are rules applied throughout the
network such as "filter nodes" where the rule is applied to www connections where www is the entire
network; it is therefore the examiner's humble request that the applicant read the cited column and
line numbers to its entirety to gain full understanding of the rules defined in the reference, applying 
the rule to the resources in question only if said resources belong to the same protection domain (5) 
or (6) when the scope of the rule is local, and applying the rule to all of the resources in question 
when the scope of the rule is global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 
Lines 1-59). 

19. As per claim(s) 24 Reid teaches the claimed invention as described in claim(s) 23 above and 
furthermore discloses it further comprises a graphical interface (15) from which an administrator (7) 
can enter the domains (5) and (6) and the access control rules, (See Column 7 Lines 8-39). 

20. As per claim(s) 25 Reid teaches the claimed invention as described in claim(s) 23-24 above 
and furthermore discloses the graphical interface allows the administrator (7) to define a local or 
global scope for the access control rule, wherein a local scope is interpreted as rules that are specific 
to the network the firewall is connected to, such as, "allow or deny terminal nodes" or "decision 
nodes" or "alerts" where only the specific users are affected to the applied rules; Similarly, global
scope rules are rules applied throughout the network such as "filter nodes" where the rule is applied
to www connections where www is the entire network; it is therefore the examiner's humble request
that the applicant read the cited column and line numbers to its entirety to gain full understanding
of the rules defined in the reference, and in that the machine (14) applies the rule to the resources
in question only if said resources belong to the same protection domain (5) or (6) when the scope of 
the rule is local, and applies the rule to all of the resources in question when the scope of the rule is 
global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

21. As per claim(s) 26 Reid teaches the claimed invention as described in claim(s) 23-25 above 
and furthermore discloses the graphical interface allows the administrator (7) to define a local or 
global scope for the access control rule, wherein a local scope is interpreted as rules that are specific 
to the network the firewall is connected to, such as, "allow or deny terminal nodes" or "decision 
nodes" or "alerts" where only the specific users are affected to the applied rules; Similarly, global
scope rules are rules applied throughout the network such as "filter nodes" where the rule is applied
to www connections where www is the entire network; it is therefore the examiner's humble request
that the applicant read the cited column and line numbers to its entirety to gain full understanding 
of the rules defined in the reference, and in that the machine (14) applies the rule to the resources 
in question only if said resources belong to the same protection domain (5) or (6) when the scope of 
the rule is local, and applies the rule to all of the resources in question when the scope of the rule is 
global, (See Column 5 Lines 64-67, Column 6 Lines 1-67, Column 7 Lines 1-59). 

Conclusion 

22. The prior art made of record and not relied upon is considered pertinent to applicant's 
disclosure. 

a. Antur et al. (US Patent No. 6,212,558) discloses a method and apparatus for 
configuring and managing firewalls and security devices; 

23. Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Sajid A Yussuf whose telephone number is (703) 305-8752. The examiner can 
normally be reached on Monday-Thursday 7:30-5:00 PM and Alternate Fridays. 

24. If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor,
Rupal Dharia can be reached on (703) 305-4003. The fax phone number for the organization where
this application or proceeding is assigned is (703) 872-9306.

25. Any inquiry of a general nature or relating to the status of this application or proceeding 
should be directed to the receptionist whose telephone number is (703) 305-3900. 




